Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-11-24 04:01
Updated : 2024-02-04 17:54
NVD link : CVE-2011-4312
Mitre link : CVE-2011-4312
CVE.ORG link : CVE-2011-4312
JSON object : View
Products Affected
reviewboard
- review_board
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')